ownCloud-nginx

Setup OwnCloud on nginx

Here I’ll share my experience of how to setup OwnCloud using Nginx server.

Turns out there is no good tutorial for that.

First – you have to keep in mind that this is set up for sub domain, but that could be easily changed if that does not cover your needs.

Download OwnCloud server

Goto https://owncloud.com/download-server/ and check the proper name of the archive file for the current OwnCloud version.

cd /tmp
wget https://download.owncloud.org/community/owncloud-complete-20201216.zip
unzip owncloud-complete-20201216.zip 
sudo mv owncloud /var/www/owncloud

After that, run the commands below to set the correct permissions for ownCloud to function.

Then run command below to allow www-data user to own the ownCloud directory.

sudo chown -R www-data:www-data /var/www/owncloud/
sudo chmod -R 755 /var/www/owncloud/

Configure Nginx sub domain

Create new configuration for your nginx. We will do that using the following command:

sudo vim /etc/nginx/sites-available/owncloud

then past that in it:

you can find that file content here: https://github.com/sdobreff/owncloud-nginx-conf/blob/main/ouncloud.conf

upstream php-handler {
    server unix:/var/run/php/php7.4-fpm.sock;
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate    /path/to/your/ssl/certificate.pem;
    ssl_certificate_key    /path/to/your/ssl/certificate.key;

    error_log /tmp/sslerror.log;

    root /var/www/owncloud;
    index  index.php index.html index.htm;
    server_name  domain.name sub.domain.name;
    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this topic first.
    #add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /owncloud/public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /owncloud/public.php?service=host-meta-json last;

    location = /.well-known/carddav {
        return 301 $scheme://$host/owncloud/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/owncloud/remote.php/dav;
    }

    location /.well-known/acme-challenge { }

    location ^~ / {

        # set max upload size
        client_max_body_size 512M;

        # Disable gzip to avoid the removal of the ETag header
        gzip off;

        # Uncomment if your server is build with the ngx_pagespeed module
        # This module is currently not supported.
        #pagespeed off;

        error_page 403 /core/templates/403.php;
        error_page 404 /core/templates/404.php;

        location / {
            rewrite ^ /index.php$uri;
        }

        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            return 404;
        }
        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
            return 404;
        }

        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
                    fastcgi_split_path_info ^(.+\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off; #Available since nginx 1.7.11
        }

        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri $uri/ =404;
            index index.php;
        }

        # Adding the cache control header for js and css files
        # Make sure it is BELOW the PHP block
        location ~* \.(?:css|js)$ {
            try_files $uri /index.php$uri$is_args$args;
            add_header Cache-Control "public, max-age=7200";
            # Add headers to serve security related headers  (It is intended to have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into this topic first.
            #add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
            add_header X-Content-Type-Options nosniff;
            add_header X-Frame-Options "SAMEORIGIN";
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            # Optional: Don't log access to assets
            access_log off;
        }

        location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
            try_files $uri /index.php$uri$is_args$args;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
}

Change the:

server { 
  listen 443 ssl; 
  listen [::]:443 ssl;
  ssl_certificate /path/to/your/ssl/certificate.pem;
  ssl_certificate_key /path/to/your/ssl/certificate.key;

to your certificate locations (if you are planing to use SSL to access your OwnCloud server). If not – replace those lines with:

server { 
  listen 80; 
  listen [::]:80;

set you proper VirtualHost root location – root /var/www/owncloud;

and set proper subdomain name – server_name domain.name sub.domain.name; (replace domain.name and sub.domain.name accordingly).

then set the server unix:/var/run/php/php7.4-fpm.sock; pointing your PHP version and path.

Save the file and exit.

After saving the file above, run the commands below to enable the new site, then restart Nginx server.

sudo ln -s /etc/nginx/sites-available/owncloud /etc/nginx/sites-enabled/
sudo systemctl restart nginx.service

Create database for OwnCloud

For this example I’m using MySql, but you can use Maria DB if you prefer.

Logon to MySql database console using your credentials with the commands below:

sudo mysql -u root -p

Then create a database called owncloud

CREATE DATABASE owncloud;

Next, create a database user called ownclouduser and set password

CREATE USER 'ownclouduser'@'localhost' IDENTIFIED BY 'new_password_here';

Then grant the user full access to the database.

GRANT ALL ON owncloud.* TO 'ownclouduser'@'localhost' WITH GRANT OPTION;

Finally, save your changes and exit.

FLUSH PRIVILEGES;
EXIT;

Problems with OwnCloud

At the time of this article writing, there is problem with the OwnCloud server which returns 500 error like this:

2020/12/31 10:14:33 [error] 629022#0: *105 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Cannot redeclare normalizer_is_normalized() (previously declared in /var/www/owncloud/lib/composer/symfony/polyfill-intl-normalizer/bootstrap.php:15) in /var/www/owncloud/lib/composer/patchwork/utf8/src/Patchwork/Utf8/Bootup/intl.php on line 20" while reading response header from upstream, client: 1.1.1.1, server: code.domain.name, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.4-fpm.sock:", host: "code.domain.name"

Open the intl.php file

vim /var/www/owncloud/lib/composer/patchwork/utf8/src/Patchwork/Utf8/Bootup/intl.php

and comment out the following lines:

#function normalizer_is_normalized($s, $form = s\Normalizer::NFC) {return s\Normalizer::isNormalized($s, $form);}
#function normalizer_normalize($s, $form = s\Normalizer::NFC) {return s\Normalizer::normalize($s, $form);}

 


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *